Bug 531425 - Firefox 3.6b4 Crash in nsAuthSSPI::GetNextToken. r=bz.
authorJim Mathies <jmathies@mozilla.com>
Wed, 02 Dec 2009 13:26:24 -0600
changeset 35416 e58a42937197920e17ee580057133aa093c9ee18
parent 35415 0d807039820e38ffc18d28d939472f15ed03ef80
child 35417 009b0693775c4f6762feff02009c3aeab96d7832
push idunknown
push userunknown
push dateunknown
reviewersbz
bugs531425
milestone1.9.3a1pre
Bug 531425 - Firefox 3.6b4 Crash in nsAuthSSPI::GetNextToken. r=bz.
extensions/auth/nsAuthSSPI.cpp
extensions/auth/nsAuthSSPI.h
--- a/extensions/auth/nsAuthSSPI.cpp
+++ b/extensions/auth/nsAuthSSPI.cpp
@@ -265,28 +265,26 @@ nsAuthSSPI::Init(const char *serviceName
 
     SEC_WINNT_AUTH_IDENTITY_W ai;
     SEC_WINNT_AUTH_IDENTITY_W *pai = nsnull;
     
     // domain, username, and password will be null if nsHttpNTLMAuth's ChallengeReceived
     // returns false for identityInvalid. Use default credentials in this case by passing
     // null for pai.
     if (username && password) {
-        if (domain) {
-            ai.Domain = const_cast<unsigned short*>(domain);
-            ai.DomainLength = wcslen(domain);
-        }
-        else {
-            ai.Domain = NULL;
-            ai.DomainLength = 0;
-        }
-        ai.User = const_cast<unsigned short*>(username);
-        ai.UserLength = wcslen(username);
-        ai.Password = const_cast<unsigned short*>(password);
-        ai.PasswordLength = wcslen(password);
+        // Keep a copy of these strings for the duration
+        mUsername.Assign(username);
+        mPassword.Assign(password);
+        mDomain.Assign(domain);
+        ai.Domain = reinterpret_cast<unsigned short*>(mDomain.BeginWriting());
+        ai.DomainLength = mDomain.Length();
+        ai.User = reinterpret_cast<unsigned short*>(mUsername.BeginWriting());
+        ai.UserLength = mUsername.Length();
+        ai.Password = reinterpret_cast<unsigned short*>(mPassword.BeginWriting());
+        ai.PasswordLength = mPassword.Length();
         ai.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
         pai = &ai;
     }
 
     rc = (sspi->AcquireCredentialsHandleW)(NULL,
                                            package,
                                            SECPKG_CRED_OUTBOUND,
                                            NULL,
--- a/extensions/auth/nsAuthSSPI.h
+++ b/extensions/auth/nsAuthSSPI.h
@@ -73,11 +73,14 @@ private:
 
 private:
     CredHandle   mCred;
     CtxtHandle   mCtxt;
     nsCString    mServiceName;
     PRUint32     mServiceFlags;
     PRUint32     mMaxTokenLen;
     pType        mPackage;
+    nsString     mDomain;
+    nsString     mUsername;
+    nsString     mPassword;
 };
 
 #endif /* nsAuthSSPI_h__ */